Cloudflare-first runtime
Zeitrex is designed for Cloudflare Workers and D1, reducing infrastructure sprawl and keeping request handling close to users globally.
Security
How we protect your data
Zeitrex uses a Cloudflare-native architecture and explicit role enforcement to protect project, staffing, and time-record data.
Role-based authorization
Owner, manager, and member roles are enforced at route level with organization-scoped data filtering to prevent cross-tenant access.
Session-based authentication
Authentication uses session cookies with server-side validation, secure password hashing, and optional passkey or TOTP factors.
Operational safeguards
Audit-aware admin workflows, strict API validation, and explicit authorization checks are used across planning and user management endpoints.
In practice
What this means in practice
These aren't future plans — every control listed here is live in the product today.
- Every request is authenticated with session tokens that expire automatically.
- Your data is isolated at the organization level — no cross-tenant access.
- Sensitive actions require manager or owner permissions.
- Optional passkey and two-factor authentication for stronger account security.